CVE-2019-20526
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.igniterealtime.openfire/parent
Identifiers
GHSA-5cg5-7vw6-jw4r, CVE-2019-20526
Package Slug
maven/org.igniterealtime.openfire/parent
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter.
Affected Versions
All versions before 4.4.2
Solution
Upgrade to version 4.4.2 or above.
Last Modified
2022-11-23
| source |